Forum Discussion

Brass Contributor

Apr 25, 2018

Configuring Alerts

I need help with configuring Alerts. To get started, I setup an alert for a simple query: WDAVThreat | where ThreatStatus == "Remediated" Trying to be alerted to a Windows Defender threat (ul...

azure monitor

Query Language

Stanislav_Zhelyazkov

MVP

Apr 27, 2018

I would suggest reading my blog post on this topic:

https://cloudadministrator.wordpress.com/2018/03/16/using-custom-log-search-alerts-based-on-metric-measurement-for-event-based-logs/

The scenario I am proposing can be used in your case I think as it is universal.

I do not have information on the ITSM connection but I believe there are no controls on automatically populating certain data from the alert to go into specific fields of the incident/event.